From 3d2a2294a8a26be52ee59f07a27ff13ecef2f2fc Mon Sep 17 00:00:00 2001
From: seaweedbrain
Date: Sat, 6 Jul 2024 10:59:31 -0400
Subject: [PATCH] Add semgrep scanning

---
 .github/workflows/deploy.yml | 2 ++
 .github/workflows/security_scan.yml | 34 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 .github/workflows/security_scan.yml

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 0460908..45bd417 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -7,6 +7,8 @@ on:
 env:
 DOCKER_IMAGE_NAME: "galera_cluster_healthcheck"
 jobs:
+ security_scan:
+ uses: ./.github/workflows/security_scan.yml
 build-and-publish-image:
 name: Build and Publish Docker image
 runs-on: ubuntu-latest
diff --git a/.github/workflows/security_scan.yml b/.github/workflows/security_scan.yml
new file mode 100644
index 0000000..5189f44
--- /dev/null
+++ b/.github/workflows/security_scan.yml
@@ -0,0 +1,34 @@
+name: "Test and Coverage"
+
+on:
+ push:
+ branches:
+ - '*'
+ - '**'
+ - '*/*'
+ - '**/**'
+ - '!dev'
+ tags-ignore:
+ - '**'
+ workflow_call:
+
+
+
+jobs:
+ security_scan_analysis:
+ name: Smegrep Scan Analysis
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.x
+
+ - name: Install semgrep
+ run: python3 -m pip install semgrep
+
+ - name: Run semgrep
+ run: semgrep scan --error
\ No newline at end of file
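Review bot: `build-and-publish-image` does not declare `needs: security_scan`, so the new `security_scan` job added under `jobs:` runs in parallel with the build and a failing scan (the non-zero exit that `semgrep scan --error` produces on findings) never stops the image from being built and published. To make the scan an actual gate, add `needs: security_scan` under `build-and-publish-image:`; a failed reusable-workflow job then fails its dependents. The `build-and-publish-image` job body continues outside the hunk, so check whether any other job in deploy.yml that pushes artifacts also needs the same `needs:` edge.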
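Review bot: `semgrep scan --error` on the last added line is run without `--config`, so the rule set that decides pass/fail is chosen outside the repository (if the CLI falls back to the registry's `auto` config it fetches rules over the network at run time and, as far as I recall, also enables telemetry) and can change between runs; pass an explicit `--config` and add `--metrics=off`. The toolchain is also unpinned: `actions/checkout@v3` and `actions/setup-python@v4` are mutable tags and `pip install semgrep` takes whatever is latest, so pin the actions to full commit SHAs and the package to a fixed version, otherwise the gate itself can be altered from outside the repo. The workflow sets no `permissions:`, so the job runs with the repository's default `GITHUB_TOKEN` scope although it only needs `contents: read`. Minor: the workflow `name` says "Test and Coverage" and the job name misspells "Smegrep", and the `branches` list can be reduced to `'**'` plus `'!dev'` since `'**'` already covers the other three globs (whether pushes to `dev` are meant to skip scanning is worth a comment).
```yaml
name: "Semgrep Scan"

# … unchanged: on.push / workflow_call triggers …

permissions:
  contents: read

jobs:
  security_scan_analysis:
    name: Semgrep Scan Analysis
    runs-on: ubuntu-latest
    steps:
      # … unchanged: checkout and setup-python steps (pin both to full commit SHAs) …

      - name: Install semgrep
        run: python3 -m pip install "semgrep==<pinned version>"

      - name: Run semgrep
        run: semgrep scan --config p/default --metrics=off --error
```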